Re: Problems with privilege mode 5 commands

From: Larry Roberts (groupstudy@american-hero.com)
Date: Wed Feb 08 2006 - 23:59:04 GMT-3

• Next message: Pallavi Srinivasa: "Re: FRTS on SubInt or DLCI??"
• Previous message: RIDNEY_M_LAUDIANO.TTSP@ts.tsuneishi.co.jp: "Re: confused with using the com mand no frame-relay"
• Maybe in reply to: Anderson Mota Alves: "Problems with privilege mode 5 commands"
• Next in thread: Anderson Mota Alves: "Re: Problems with privilege mode 5 commands"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

my solution using AAA. I removed unrelated config info.

username cisco privilege 15 password 0 cisco
username test5 privilege 5 password 0 test5
aaa new-model
!
!
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa authorization commands 5 default local
aaa authorization commands 15 default local
!
privilege interface level 5 ip address
privilege interface level 5 ip
privilege configure level 5 interface
privilege exec level 5 write memory
privilege exec level 5 write
privilege exec level 5 ping
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 undebug all
privilege exec level 5 undebug
!
line con 0
line aux 0
line vty 0 4
!
!
end

Anderson Mota Alves wrote:
> Hi Mario,
>
> Thanks for the advise I tried your command and everything worked just
> fine :-D Actually I didn't need to put the privilege interface level 5 ip
> and then privilege interface level 5 ip address I just put the privilege
> interface level 5 ip address.
>
> Something to be aware of is that if you have a requeriment to configure
> this and to put into the telnet lines line vty 0 4 and for some reasons
> you don't have other user configured for privilege level 15 you may get
> yourself locked if you time out or try to reconnect the connection
> because after configured line vty 0 4 and login local if you have only a
> user in level 5 you won't have anymore rights than previously configured.
>
> Thanks Jens and Mario.
>
> --------------------------------------------------------------------
>
> From: "Salzano, Mario Arthur Costa" <mario.salzano@siemens.com>
> Reply-To: "Salzano, Mario Arthur Costa" <mario.salzano@siemens.com>
> To: "Jens Petter Eikeland" <jenseike@start.no>, "Anderson Mota
> Alves" <mota_anderson@hotmail.com>, <ccielab@groupstudy.com>
> Subject: RE: Problems with privilege mode 5 commands
> Date: Wed, 8 Feb 2006 17:13:31 -0200
> >Hi Andy,
> >
> >Try to use the commands: privilege interface level 5 ip and
> privilege
> >interface level 5 ip address. I did this way and it worked properly.
> >Tell me the result, ok?
> >
> >Good Luck!
> >
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> >Jens Petter Eikeland
> >Sent: Wednesday, February 08, 2006 1:58 PM
> >To: Anderson Mota Alves; ccielab@groupstudy.com
> >Subject: Re: Problems with privilege mode 5 commands
> >
> >have you tried debuging this to see what is really happening. also
> you
> >should add the "privilege exec level 5 configure" command. also try
> >remove
> >the enable secret 5 and then test.. test with only the commands that
> are
> >
> >needed to do the task... do the basics.. the config looks good to
> me, so
> >the
> >debug should tell you something more about it.
> >----- Original Message -----
> >From: "Anderson Mota Alves" <mota_anderson@hotmail.com>
> >To: <ccielab@groupstudy.com>
> >Sent: Wednesday, February 08, 2006 2:39 PM
> >Subject: Problems with privilege mode 5 commands
> >
> >
> > > Hi everyone, I have a requirement to make stated below and I made
> a
> > > resolution yesterday in my lab but the problem is that when I
> tried to
> > > assign an ip address to an interface logged in level 5 with the
> >commands
> > > I configured I can't make it, so I was wondering if someone here
> could
> > > help me out?Configure an user in privilege mode 5 with username
> user5
> >and
> > > password user5 and he must be able to do the following:
> > > Make an extended ping
> > > Configure interfaces
> > > Assign and remove IP address to an interface
> > > Save the config in NVRAM
> > > and turn off all the debugging in the router My
> resolution:username
> > > cisco5 privilege 5 password 0 cisco5
> > > enable secret level 5 5 $1$bkFU$AyQYwdii5.bP8n4hMKut6. privilege
> > > configure level 5 interface
> > > privilege configure level 5 ip address
> > > privilege exec level 5 ping
> > > privilege exec level 5 configure terminal
> > > privilege exec level 5 copy run start
> > > privilege exec level 5 undebug all line console 0
> > > login local Any comments are really appreciated !!! Regards,
> > > Andy
> > >
> > >
> >_______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Pallavi Srinivasa: "Re: FRTS on SubInt or DLCI??"
• Previous message: RIDNEY_M_LAUDIANO.TTSP@ts.tsuneishi.co.jp: "Re: confused with using the com mand no frame-relay"
• Maybe in reply to: Anderson Mota Alves: "Problems with privilege mode 5 commands"
• Next in thread: Anderson Mota Alves: "Re: Problems with privilege mode 5 commands"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Mar 01 2006 - 11:28:17 GMT-3